apparmor.d/profiles/system_tor

# vim:syntax=apparmor
include <tunables/global>

profile system_tor flags=(attach_disconnected) {
  include <abstractions/tor>
  include <abstractions/openssl>

  owner /var/lib/tor/** rwk,
  owner /var/lib/tor/ r,
  owner /var/log/tor/* w,

  # During startup, tor (as root) tries to open various things such as
  # directories via check_private_dir().  Let it.
  /var/lib/tor/** r,

  /{,var/}run/tor/ r,
  /{,var/}run/tor/control w,
  /{,var/}run/tor/socks w,
  /{,var/}run/tor/tor.pid w,
  /{,var/}run/tor/control.authcookie w,
  /{,var/}run/tor/control.authcookie.tmp rw,
  /{,var/}run/systemd/notify w,

  # Site-specific additions and overrides. See local/README for details.
  include <local/system_tor>
}
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00			`# vim:syntax=apparmor`
update profiles for apparmor3 2020-12-10 22:33:39 +01:00			`include <tunables/global>`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00
			`profile system_tor flags=(attach_disconnected) {`
update profiles for apparmor3 2020-12-10 22:33:39 +01:00			`include <abstractions/tor>`
			`include <abstractions/openssl>`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00
			`owner /var/lib/tor/** rwk,`
			`owner /var/lib/tor/ r,`
			`owner /var/log/tor/* w,`

			`# During startup, tor (as root) tries to open various things such as`
			`# directories via check_private_dir(). Let it.`
			`/var/lib/tor/** r,`

			`/{,var/}run/tor/ r,`
			`/{,var/}run/tor/control w,`
			`/{,var/}run/tor/socks w,`
			`/{,var/}run/tor/tor.pid w,`
			`/{,var/}run/tor/control.authcookie w,`
			`/{,var/}run/tor/control.authcookie.tmp rw,`
			`/{,var/}run/systemd/notify w,`

			`# Site-specific additions and overrides. See local/README for details.`
update profiles for apparmor3 2020-12-10 22:33:39 +01:00			`include <local/system_tor>`
move apparmor profiles to a seperate repo 2020-09-12 17:19:23 +02:00			`}`